OAuth 2.0 is an open standard for authorization. OAuth is designed to enable users to provide third parties with access to their resources without sharing their credentials. Instead of credentials, an OAuth access token is issued to the third party. The token grants access to a specific resource, on a specific site, for a defined duration (for example, 30 minutes), on behalf of a specific user. The Microsoft server-toserver protocol relies on OAuth to share information across server platforms.
For example, suppose a user creates an eDiscovery case in SharePoint. The purpose of the eDiscovery case is to identify content, both in SharePoint sites and Exchange mailboxes, which must be preserved as part of a legal hold. In this case, the Exchange server will issue an OAuth token that grants the SharePoint server access to the required mailboxes for a fixed period of time. In the same way, workflows hosted on Windows Azure Workflow Server must be able to retrieve data from SharePoint.
The SharePoint server will issue an OAuth token that grants the Windows Azure Workflow Server access to the requested SharePoint content for a fixed period of time. It is important to understand that OAuth tokens are issued on behalf of users. When a user action results in a server-to-server request, the user is effectively authorizing SharePoint to issue an OAuth token on his or her behalf.